Private Cloud Storage via Open Source

Vizuri Introduction

Liberate Your Files

Private Cloud Storage ...
On Your Terms

Isaac Christoffersen, @ichristo

The Challenge:

Keep my data both secure and accessible

Where is your data right now?

More than 75 percent of businesses have shared or stored sensitive company information on public cloud services (Symantec).

40% experienced the exposure of confidential information

40% reported that they had lost data in the cloud and had to restore it from backups

Average cost of a data breach equaled $5.5 Million in 2011 (Infosecisland.com)

Do you have a Dropbox Problem?

Four main parts to the solution

Control: your server. Physical, virtual, or private cloud, where everything is integrated and admins control access and administer the system.

Storage: your storage, agnostic. NAS, SAN, direct attached, whatever you have or want. Hybrid too if you choose.

Access: web clients, mobile devices, desktop clients, and a standard WebDAV connection.

Extensibility: the secret sauce of ownCloud, this extensible framework for creating plug-ins.

All of it runs inside your firewall, managed by your admins, to your security and access policies.

The Problem Dropbox Created

The Problem: Dropbox created huge demand for file sync and share...

Simple

Free

Fast to obtain

It just works

...at the risk of user and IT security.

So what is the problem?

Dropbox created something amazing

Simple

Easy to get

Easy to use

It just works

Drop a file in the folder, it shows up on the server, and then on all other devices or users.

The problem is that it is not secure; there is lots of news to this effect.

44%*

* Use Dropbox in the enterprise without permission, Osterman Research

However, in an attempt to be more productive, users use it anyway

In a recent survey, 44% of enterprise users (>1000+) use Dropbox without IT's permission. It is not all that secure, yet lots of people are using it anyway.

Opens you to the risk of lost sensitive data.

The little Dropbox can be a big source of leaks, which is why it is upside down over here.

The Solution:

Private Cloud Storage the Open Source Way

What should a cloud storage solution have?

Extensible & Open APIs

Dynamic Scaling

Search & Retrieval

Tools

Storage Replication

Collaboration & Sharing

Access from Anywhere

Regain control with Open Source

Freedom and control via Open Source

Let your data out into the open, not into the wild

Your Data, Your Cloud, Your Control

What is ownCloud

ownCloud helps enterprises concerned about sensitive data leakage via Dropbox deliver a secure file sync and share solution on their storage inside their data center.

Protect and manage sensitive data by storing it on-site, on their servers, managed to their policies

Integrate seamlessly into existing infrastructure

Extend functionality through extensive APIs

AND STILL provide the seamless, easy-to-use access to sensitive data that end users have come to expect from consumer-grade services.

Host in your data center

Store on your storage

Integrate via Plug-ins

Extend with Plug-ins

Sync files and folders

Share files and folders

ownCloud Server: the brains

iOS and Android mobile access apps

Windows, Mac and Linux desktop file sync clients

ownCloud is a distributed application with mobile, web, and desktop clients

Open Hybrid Cloud Storage

And one more layer down, you see the server

The APIs are part of why we are so flexible, as is the standard n-tier architecture

We are PHP and support Oracle, MySQL, and Postgres as databases.

We have a management panel and logging apps to provide insight and control.

External provisioning API for use with automation. Sharing capability.

Storage abstraction layer: whatever you have plus cloud storage, all abstracted by ownCloud to make it simple to use the storage you have

OpenShift PaaS

Cloud-Class Agility

Designed for No Lock-In

Polyglot with Java, Ruby, PHP, Perl, Python

Mobile and Responsive Web

REST and Javascript

Enterprise-Class Strength

Enterprise Java EE6 via JBoss

Multi-tenancy and Security via Red Hat Enterprise Linux

Jenkins, Maven, Git

Auto-Scaling

On-Premise, Hosted, or Hybrid

Established

New

OpenShift = Open Hybrid PaaS

OpenShift provides a Cloud Application Platform that bridges today's two diverging application development worlds. OpenShift brings Enterprise-class strength and maturity to the Cloud and enables both proven enterprise application stacks like Java EE and newer rapid-development oriented application stacks like LAMP, Ruby and Node.js.

OpenShift includes the tools needed for rigorous application development like Maven and Jenkins, as well as support for NoSQL databases and Mobile application development.

Soon to be available in either public, private, or hybrid cloud implementations, OpenShift delivers the Control and Security that IT Operations demands and the Velocity and Agility that Application Developers desire.

OpenShift is the industry's first Open Hybrid PaaS.

Security and multi-tenancy via SELinux

[Diagram: SELinux policies securely subdivide the Node instances. A Broker and three Nodes, each on RHEL, running on AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal.]

One of the unique features of OpenShift is that within the Nodes, OpenShift provides secure, fine-grained, multi-tenancy by leveraging powerful Red Hat Enterprise Linux subsystems such as SELinux (Security Enhanced Linux), CGroups (Control Groups), and NameSpaces to divide up the RHEL instances into slices that can be dedicated to each user application firewalled off from each other.

Multi-tenancy through OpenShift Gears

[Diagram: OpenShift Gears represent secure containers in RHEL. A Broker and three Nodes, each on RHEL, running on AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal.]

These slices of RHEL are called OpenShift Gears. OpenShift Gears are super-secure and highly efficient containers that host user applications in OpenShift. To the user, the Gear appears like an instance of RHEL. They can even SSH in to the Gear. They can see their processes, their memory, and their filesystem, but they are prevented from seeing or impacting anyone else's environment or the system as a whole.

SELinux was built by Red Hat in conjunction with the National Security Agency in order to support some of their strict requirements. It is a "deny everything, and allow by exception" policy subsystem that allows very strict control of what processes and users can do. In OpenShift, SELinux policies are used to enable high security in a container-based multi-tenant environment.

Likewise, Control Groups are used to carefully control what resources an OpenShift Gear is able to consume. Cgroups allow Gears to consume CPU and RAM but also limit that consumption based on configurable policies.

And finally NameSpaces are used to allow each Gear to have its own file system complete with the system directories that it may need including /tmp, /var, and others.

Red Hat has been able to leverage these technologies to build a secure and yet efficient multi-tenant PaaS because Red Hat has incredible knowledge of the operating system underneath, Red Hat Enterprise Linux. With some of the best Linux kernel coders in the world, Red Hat has used these smarts to build a cloud Platform-as-a-Service on top of the industry-leading enterprise Linux operating system.

OpenShift Gears represent the resulting benefit of leveraging this wealth of knowledge in the Operating System Platform to build a Cloud Application Platform that is both super-secure and highly efficient.
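
The three isolation layers named in these notes (SELinux, cgroups, namespaces) can each be checked per process through /proc. The following is an added example, not part of the original slides or of OpenShift's own code; it assumes the per-gear SELinux separation is expressed as MCS categories, and the sample labels, cgroup paths and namespace ids are constructed.

```python
import os

def read_isolation(pid="self", proc="/proc"):
    """Read the SELinux label, cgroup membership and mount namespace of a PID."""
    base = os.path.join(proc, str(pid))

    def slurp(rel):
        try:
            with open(os.path.join(base, rel)) as fh:
                return fh.read().strip("\x00\n ")
        except OSError:  # SELinux disabled, PID gone, or no permission
            return None

    try:
        mnt_ns = os.readlink(os.path.join(base, "ns", "mnt"))
    except OSError:
        mnt_ns = None
    return {"selinux": slurp("attr/current"), "cgroup": slurp("cgroup"), "mnt_ns": mnt_ns}

def mcs_categories(label):
    """Expand the category part of user:role:type:level:cats into a set of ints."""
    parts = (label or "").split(":", 4)
    cats = set()
    if len(parts) == 5:
        for item in parts[4].split(","):
            lo, _, hi = item.partition(".")  # "c0.c3" is a range, "c7" a single category
            cats.update(range(int(lo[1:]), int(hi[1:] or lo[1:]) + 1))
    return cats

def compare(a, b):
    """Report, per layer, whether two processes are separated from each other."""
    ca, cb = mcs_categories(a["selinux"]), mcs_categories(b["selinux"])
    return {
        # MCS grants access only when the subject's categories are a superset of the object's
        "selinux": bool(ca and cb) and not (ca >= cb or cb >= ca),
        "cgroup": None not in (a["cgroup"], b["cgroup"]) and a["cgroup"] != b["cgroup"],
        "mnt_ns": None not in (a["mnt_ns"], b["mnt_ns"]) and a["mnt_ns"] != b["mnt_ns"],
    }

# Constructed sample values (type name, categories, paths and ids are illustrative).
GEAR_A = {"selinux": "unconfined_u:system_r:openshift_t:s0:c0,c502", "cgroup": "4:cpu,memory:/openshift/gear-a", "mnt_ns": "mnt:[4026532301]"}
GEAR_B = {"selinux": "unconfined_u:system_r:openshift_t:s0:c1,c17", "cgroup": "4:cpu,memory:/openshift/gear-b", "mnt_ns": "mnt:[4026532302]"}
ADMIN = {"selinux": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "cgroup": "4:cpu,memory:/", "mnt_ns": "mnt:[4026531840]"}

if __name__ == "__main__":
    print("gear A vs gear B:", compare(GEAR_A, GEAR_B))
    print("admin  vs gear A:", compare(ADMIN, GEAR_A))
```

On a live node, `compare(read_isolation(pid_a), read_isolation(pid_b))` runs the same check against two real processes; a `False` in any layer means that layer is not separating them.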

The OpenShift Gear-based architecture provides two other key benefits:

Deploying multi-tenancy inside of RHEL Nodes allows many, many applications to be maintained by deploying maintenance to a much smaller set of RHEL operating system instances. The sysadmin's job becomes much easier when they only need to patch and perform maintenance on a small number of nodes instead of 1000s of Virtual Machine instances (as would be the case with VM-based multi-tenancy).

OpenShift also has the ability to Idle Gears that are not actively being used. In this situation the Broker will take a snapshot of an application Gear and write it to disk to take it out of RAM. Network connections are maintained so when an application URL is requested, the Gear will be un-idled and able to service the request quickly. This Idling technology allows many more Gears to be supported within one instance of RHEL because not all Gears will be active at the same time. Implemented for the OpenShift hosted service, this Idling capability is also beneficial to the enterprise that wants to optimize resource consumption as much as possible.

OpenShift automates application scaling

[Diagram: a Broker and three Nodes on RHEL; Gears labelled HA-Proxy, MySQL, Java code (two) and PHP code; running on AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal.]

And, once the application is launched within the OpenShift PaaS, OpenShift provides the elasticity expected in a Cloud Application Platform by automatically scaling the application as needed to meet demand.

When created, applications can be flagged as Scalable (some apps may not want to be scaled). When OpenShift sees this flag, it creates an additional Gear and places an HA-Proxy software load-balancer in front of the application. The HA-Proxy then monitors the incoming traffic to the application. When the number of connections to the application crosses a certain pre-defined threshold, OpenShift will then horizontally scale the application by replicating the application code tier of the application across multiple Gears.

For JBoss applications, OpenShift will scale the application using JBoss Clustering which allows stateful or stateless applications to be scaled gracefully. For Ruby, PHP, Python, and other script-oriented languages, the application will need to be designed for stateless scaling where the application container is replicated across multiple gears. The Database tier is not scaled in OpenShift today.

Automatic application scaling is a feature that is unique to OpenShift among the popular PaaS offerings that are out there.

Automatic scaling of production applications is another example of how OpenShift applies automation technologies and a cloud architecture to make life better for both IT Operations and Development.

CONSOLIDATED INFRASTRUCTURE RESOURCE POOLS

BIG DATA RUNS ON THE CLOUD

INFRASTRUCTURE FOCUS

LINUX ADJACENCY

STABILITY, RELIABILITY, UPGRADEABILITY

RED HAT STORAGE

SERVICES FOR UNSTRUCTURED DATA

ENTERPRISE CLASS

FILE-CENTRIC STORAGE (NAS Alternative)

Gluster provides the storage foundation

[Diagram: Gluster storage, 50,000 foot overview. Labels: Administrator, Red Hat Storage CLI, Users; SSH, NFS, CIFS, Fuse, OpenStack Swift; Cloud Volume Manager (glusterd) on each node; Bricks (glusterfsd); Red Hat Storage Pool, virtual and physical; Site A / Cloud A or Site B / Cloud B.]

Cloud instances, on-site, data centers, or all of the above

Highly Scalable Storage
Multiple peta-byte clusters
Geo-replication to disperse data

Highly Cost-Effective
Leverages commodity x86 servers
Leverages existing capacity within virtual machine environment

Highly Flexible
Physical, virtual, cloud and hybrid deployment models
File and object access protocols

Deployment Agnostic
Deploy on-premise, in the public cloud or a hybrid setup.

Open & Standards Based
NFS, CIFS, HTTP

GlusterFS - the foundation for private Cloud Storage

Next-generation cloud storage on your terms

Secure multi-tenant environment with built-in autoscaling and encryption

Geo-replication support with massive redundancy and pro-active self-healing

Mobile, desktop, and web clients let you work from anywhere

Integrates with existing infrastructure and corporate audit & compliance policies

Free of lock-in and extensible through open APIs

Built on top of enterprise-class, professional open source software

Demonstration

Key Components in Action

OpenShift Enterprise: 1 Broker with 2 Nodes

Red Hat Storage: 2 Nodes with 1 Brick per Node in a distributed configuration

ownCloud: deployed as an OpenShift Gear, with MySQL and PHP 5.3

Thank you

Links

ownCloud OpenShift Quickstart: https://www.openshift.com/quickstarts/owncloud

OpenShift Origin Puppet Scripts: http://openshift.github.io/origin/file.install_origin_using_puppet.html

Red Hat Summit, Liberate Your Files: http://www.redhat.com/summit/sessions/index.html#73

ownCloud: http://www.owncloud.org

vizuri.com